package com.system.shiro;

import com.system.mapper.SysPermissionMapper;
import com.system.mapper.SysRoleMapper;
import com.system.mapper.SysUserMapper;
import com.system.model.SysPermission;
import com.system.model.SysRole;
import com.system.model.SysUser;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;

public class ShiroRealm extends AuthorizingRealm {
    @Autowired
    private SysUserMapper sysUserMapper;
    @Autowired
    private SysRoleMapper sysRoleMapper;
    @Autowired
    private SysPermissionMapper sysPermissionMapper;

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
//        获取用户输入的用户名
        String username =(String) authenticationToken.getPrincipal();
//        获取用户信息
        SysUser sysUser=sysUserMapper.getCurrentSysUserByUsername(username);
//        业务分析
        if(sysUser==null){
            throw new UnknownAccountException();//未知账号
        }
//        判断账号是否被锁定（状态：0-禁用；1-锁定；2-启用）
        if(sysUser.getState()=="0"){
            throw new DisabledAccountException();//账号禁用
        }
        if(sysUser.getState()=="1"){
            throw new LockedAccountException();//账号锁定
        }
//        验证
        SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(
                sysUser, //当前用户
                sysUser.getPassword(), //密码
                ByteSource.Util.bytes(sysUser.getSalt()), //盐
                getName() //realm name(域对象名称)
        );
        return authenticationInfo;
    }

    // 授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //1.拿到待授权的用户对象
        SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo();
        //2.获取用户信息
        SysUser sysUser =(SysUser) principalCollection.getPrimaryPrincipal();
        Integer userId = sysUser.getUserId();
        //3.查询登录用户角色
        HashSet<String> roles = new HashSet<>();
        List<SysRole> loginSysRoleList = sysRoleMapper.queryLoginSysUserAllSysRole(userId);
        for (SysRole sysRole : loginSysRoleList) {
            roles.add(sysRole.getRoleCode());
        }

        //4.查询登录用户权限
        HashSet<String> permissions = new HashSet<>();
        List<SysPermission> loginSysPermissionList = sysPermissionMapper.queryLoginSysUserAllSysPermission(userId);
        for (SysPermission sysPermission : loginSysPermissionList) {
            permissions.add(sysPermission.getPermissionCode());
        }
        //5.创建一个权限对象，收集角色和权限信息
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(roles);
        info.addStringPermissions(permissions);
        return info;
    }
}
